8e47db3b48
bug 161552: Make the recipient list traversal functions call the internal
...
nsstoken_FindCertByIssuerAndSN() function to gain the benefit of the fixed
Searching code.
2002-08-14 20:42:40 +00:00
cd77147500
Stop referencing deleted quickder.h header
2002-08-08 01:55:34 +00:00
38fe6c93a3
Implement partial CRL decoding. Fix for 149816. r=wtc . Uses new quick DER decoder
2002-08-07 03:44:12 +00:00
0cd1ab2a75
1) factor out fortezzav1 from the chain processing code to make the code easier
...
to read.
2) only extract keys if we are using fortezzav1 cert (should speed up cert verify
a bit).
3) Add function to verify a specific CA cert to verify a userCert Usage.
2002-08-02 17:51:20 +00:00
a90ba74ddc
Fix compiler warnings on NT
2002-08-02 00:53:15 +00:00
d5f399f630
Fix incorrect macro usage
2002-08-02 00:28:23 +00:00
ce72d3cec3
Correct the test of IP addresses in Subject Alternative Name extensions.
...
bug 103752.
2002-08-01 22:51:56 +00:00
c5ab2eb27e
Fix code to work when subjectAltName extension not present in server cert.
...
Bug 103752.
2002-07-30 23:15:43 +00:00
44acb4b48b
Examine SubjectAltName extensions for SSL server name matching.
...
Bug 103752.
2002-07-30 19:32:33 +00:00
6a2b391359
158005 - add new CRL decode and import functions . Benefits are :
...
- ability to import to any slot
- ability to specify decode options, such as "don't copy DER"
- ability to specify import options, such as "don't do CRL checks"
This patch also maps the existing functions SEC_NewCrl and CERT_ImportCRL
to this new function, eliminating the code duplication that existed
2002-07-19 00:59:34 +00:00
b059277104
Fix for 156802 - remove improper check in CRL decoding
2002-07-19 00:12:13 +00:00
15d93f6e71
Fix for 154212
2002-07-10 00:56:16 +00:00
820318fca7
Fix for 154212 - update patch for CERT_SaveSMimeProfile based on Bob's comments
2002-07-10 00:07:39 +00:00
725d6b457a
Add new CERT_VerifyCertificate function - fix for 149832
2002-07-04 03:09:49 +00:00
2691dfaecb
More performance improvements in listing certs:
...
1) reduce more short term memory allocate/frees.
2) remove sha1 hash calculations from critical paths.
3) when listing user certs, skip decoding of non-user certs.
2002-07-02 15:11:29 +00:00
34637a1925
Fix for 154212 - make CERT_SaveSMimeProfile copy the cert to the database if it comes from an external source
2002-06-27 00:18:35 +00:00
07e1a10985
Reduce the cost of decoding a certificate.
2002-06-20 18:53:16 +00:00
987e670221
exporting CERT_VerifyCertChain. r=relyea
2002-06-19 15:58:51 +00:00
5af6761fdf
Add series to keep track of object handle value validity.
2002-06-13 21:42:41 +00:00
78d49962a7
Don't crash if url is specified, but the crl is broken
2002-05-21 21:26:52 +00:00
15cbb51ea4
bug 144309, return value of STAN_GetCERTCertificate not checked
...
r=wtc
2002-05-20 18:05:11 +00:00
9403262b78
Fix for bug 142868 - CA certificates are imported with NULL nicknames .
2002-05-10 20:21:38 +00:00
b815a638c1
Automatically create a NULL email profile for certs with email addresses which
...
are imported into the internal token.
2002-05-07 20:38:59 +00:00
74f7a8a572
bug 141355, CERT_DecodeDERCertificate is not a safe function for some uses, must be replaced with CERT_NewTempCertificate.
2002-05-02 19:00:13 +00:00
470f233add
Deleted code that was made obsolete by the previous revision.
2002-04-25 21:10:09 +00:00
980175a1c0
bug 138626, remove deleted cert from cache even if references still exist
2002-04-25 19:37:30 +00:00
5c82cde910
Don't crash if we don't find the profile (and thus don't have a slot to free).
2002-04-24 22:23:37 +00:00
ff149d2fc9
NewTemp has to be matched with AddTempCertToPerm
2002-04-22 20:27:52 +00:00
9c0eda08dc
Token and cert processing fixes:
...
1) use NewTempCert rather than DERDecode cert in all import cert cases.
When DERDecode cert is used, we may wind up with a cert that gets cleared
when we try to import it because it already in the cache. NewTempCert will
return the version that is in the cache.
2) If we are returning the CAList, only return certs that are CA's
(not usercerts).
3) Authenticate to all the tokens if necessary before we try to list
certs. (Stan code should eventually get automatic authentication calls in
the code itself).
4) When looking up user certs, don't return those certs with the same
subject, but do not have any key material associated with them (that is
don't crash if we have old certs in our database without nicknames, but
match user certs on our smart cards).
5) Save the nickname associated with our subject list in the temp
cache so we can correctly remove the entry even if the cert's nickname
changes (because of smart card insertions and removals, or because of
creation and deletions of our user cert).
2002-04-22 19:09:01 +00:00
a5c756c373
fix bugs in cert import with smart card cache
2002-04-22 14:14:44 +00:00
46d73e79e3
bug 135521, change cert lookups on tokens to be actual finds instead of traversals
2002-04-15 15:22:11 +00:00
14e7ed26f6
Bug 133584: Fix reference leaks which prevent shutdown in NSS and in the tests.
...
Debug builds can verify correct operation by setting NSS_STRICT_SHUTDOWN, which
will cause an assert if shutdown is called but not all the modules are freed (which
means a slot, key, or cert reference has been leaked).
2002-04-12 19:05:21 +00:00
8f5d6f3546
Add enum names for use in forward declarations.
2002-04-10 23:27:50 +00:00
9af2d39dfa
bug 135871, CERT_ImportCerts not storing temp certs
...
r=relyea
2002-04-09 23:46:57 +00:00
cfbef65b96
Bug 135728: should return SECFailure because the function's return type
...
is SECStatus. r=mcgreer.
2002-04-05 19:25:48 +00:00
d8a51378d3
Bugzilla bug 130703: final adjustment of the CERTSignedCrl structure for
...
NSS 3.4. r=relyea.
2002-03-15 20:21:45 +00:00
c3e27be65d
Bugzilla bug 130983: SEC_FindCrlByName needs to set the 'pkcs11ID' field
...
of the CERTSignedCrl structure it returns. The patch is contributed by
Rangan Sen <rangansen@netscape.com>. r=relyea.
2002-03-15 20:17:15 +00:00
16ce4e209f
bug 129709, incorrect free of cert->nickname
...
r=wtc
2002-03-14 17:42:02 +00:00
bd9858f008
Bugzilla bug 130703: fixed several issues in the NSS 3.4 exported headers.
...
1) Preseve the position of NSS 3.3 elements in the data structures. Some
new fields replace some old deprecated fields where possible to preserve
the total size of the structure.
2) Stan headers are removed from public exports.
3) Some exported functions didn't have prototypes in the public headers.
4) One bug fix: dev3hack.c did not pass the second argument to
nssToken_DestroyCertList.
5) Include the necessary headers to fix undeclared function warnings.
2002-03-14 04:12:25 +00:00
d08e06e182
bug 129298, handle different nicknames across tokens
...
r=relyea/a=wtc
2002-03-07 22:08:00 +00:00
87499c7372
bug 129370, temp cert trusts and S/MIME profiles may cause crashes
...
r/a=wtc
2002-03-07 20:42:40 +00:00
d0a5d7f2a8
Bugzilla bug 128915: the first part of the previous change is not
...
necessary, so replace it with an assertion. r=mcgreer.
2002-03-05 15:49:33 +00:00
e47f6581e4
bug 128915, prevent crash on empty S/MIME profiles
2002-03-04 23:19:20 +00:00
81cd8d66fb
Bugzilla bug 122261: removed an assertion on bad input. Bad input should
...
be reported by returning a failure status. Thanks to erl@voxi.com
(Erland Lewin) for the bug report. r=relyea,kaie.
2002-03-02 15:31:25 +00:00
68e04b2ebb
bug 125796, make sure all CERTCertificates are destroyed as such, and that cache collisions when traversing are handled correctly (by destroying extra reference)
2002-02-26 16:21:48 +00:00
7ccb67b360
CRL issues: 1) return url when finding and importing CRL's.
...
2) fix CERT_ImportCRL so it actually works.
NOTE: Calls of SEC_NewCrl() should verify the signature on the CRL before
importing!.
2002-02-26 02:02:53 +00:00
1c1a88de26
Implement SEC_NicknameConflicts().
2002-02-15 01:57:08 +00:00
0de7977c09
Bugzilla bug 122712: renamed cert_DecodeGeneralName to
...
CERT_DecodeGeneralName because we export this function from nss.def.
(The cert_ prefix suggests an internal function.)
Modified Files:
lib/certdb/genname.c lib/certdb/genname.h lib/certdb/xconst.c
lib/nss/nss.def
2002-02-14 02:53:20 +00:00
3730bf5442
Bugzilla bug 123938: renamed cert_EncodeGeneralName to
...
CERT_EncodeGeneralName. Export CERT_EncodeGeneralName and
CERT_FindKeyUsageExtension from nss.def. Have cmmfrec.c include
nssrenam.h to get __CERT_NewTempCertificate.
Modified Files:
lib/certdb/genname.c lib/certdb/genname.h lib/certdb/xconst.c
lib/crmf/cmmfchal.c lib/crmf/cmmfrec.c lib/nss/nss.def
2002-02-14 02:25:21 +00:00
d07d80baae
bug 124082, don't change trust of existing CA certs during PKCS#12 import
2002-02-12 00:38:16 +00:00
4be862bb78
NSSCryptoContext_ImportCertificate cannot inform the caller that the cert already exists as a temp cert, is is necessary to work around this in CERT_NewTempCertificate by doing a lookup on the cert after it was imported.
...
r=relyea
2002-02-11 22:12:01 +00:00
6a275b1a17
This is a revision of the patch shown in bug 122907. It should fix the leakage seen with client auth. It is needed either way, as NSS 3.3 always checked for pre-existing temp certs before creating a new one.
2002-02-07 14:58:05 +00:00
292ec76f67
Bugzilla bug 119376: initialize a local variable to eliminate a compiler
...
warning.
2002-02-07 01:57:48 +00:00
4127ac3d22
Identify certs that have no trust as CA's if they have the right settings
2002-02-07 00:50:47 +00:00
21e8624189
plug leak found doing client auth, move freeing of cert's slot down a level in case the cert was not made external
2002-02-04 23:04:11 +00:00
6caebdc0ff
fix leak reported in bug 123081 by avoiding allocation for time variable
2002-02-04 22:34:22 +00:00
73ada3b8ed
couple of fixes
2002-01-31 17:28:49 +00:00
79e23ff590
restore checks for critical extenstions and fail if we have any we don't
...
recognize. Just remove the bogus check that v2 crls must have critical extensions
2002-01-31 00:42:43 +00:00
e5d11d5431
Fix 2 memory leaks and a UMR.
...
(keyhand needs to be initialized before we start xor hashing)
Free item and time elements which are transparently allocated for us.
2002-01-26 00:16:03 +00:00
ab89e69ce2
implement istemp and isperm in case clients depend on it, make sure certs own a reference to their slot and then free it
2002-01-24 00:58:02 +00:00
3a1d638a39
restore function CERT_SaveImportedCert, used to set the trust bits of a cert on import. Fixes bug 121487
2002-01-23 21:43:30 +00:00
5b01d3a7d1
fix for bug 120824; functions which collect certs based on subject need to examine *both* the temp and perm stores
2002-01-22 21:56:19 +00:00
e45f8c2b70
more backwards compatibility fixes
...
* always send DER of serial number to PKCS#11 queries
* in softoken, construct key for certificate using decoded serial number with (possibly) a leading zero, for compatibility with version 7 db
* in softoken, decode serial number *without* removing leading zero for searches
2002-01-17 00:20:53 +00:00
f4bdbb65a9
PKCS#11 needs to receive the serial number DER-encoded
2002-01-14 23:19:17 +00:00
63ca3827f8
Keep a copy of the DER Crl.
2002-01-11 17:31:09 +00:00
768f88afc8
Enable OCSP code.
2002-01-10 00:43:39 +00:00
28cb1ce89d
move free of CERTCertificate's arena below the NSSCertificate. needed for the case when an NSSCertificate is freed without ever releasing a CERTCertificate.
2002-01-08 18:51:18 +00:00
7c74d99884
PSM fixes
...
* implement CERT_AddTempCertToPerm in 3.4
* update object instance lists when needed
* correctly check and allocate trust when changing it
2002-01-07 16:45:26 +00:00
16a699c9fb
obey the isperm flag as in nss 3.3
2002-01-06 21:49:48 +00:00
19993e549d
only free slot if funrction returns correctly
2002-01-03 22:49:02 +00:00
681dce3718
fix aix bustage
2002-01-03 20:19:55 +00:00
3cff4ec39c
move handling of certificate reference counting into Stan. NSS 3.4 needs to maintain persistent references of both temp and perm certs in order to replicate the old temp database.
2002-01-03 20:09:30 +00:00
20804d889d
temp certs live in a trust domain. allows the idiom of "if not temp, try perm" to work in 3.4.
2001-12-21 19:14:04 +00:00
1db2d4b283
remove unneeded hack, put in a couple of error checks
2001-12-20 16:50:22 +00:00
8ab68cde61
implement local store of objects for crypto context
2001-12-14 17:32:23 +00:00
7bfd9c97ec
Clean up compilier warnings on Solaris and Linux, most particularly:
...
1) Implicit declaration of function.
2) Possibly unitialized variables.
These warnings have indicated some real problems in the code, so many changes
are not just to silence the warnings, but to fix the problems. Others were
inocuous, but the warnings were silenced to reduce the noise.
2001-12-07 01:36:25 +00:00
08de45a2ba
get modification of trust on builtins certs to work by storing the modified trust on the softoken. implement merging of multiple trust instances.
2001-12-06 23:43:14 +00:00
c3cb1b39dc
land changes for handling temporary and cached certs in 3.4
...
* separate trust object from cert object
* move handling of cryptoki objects into libdev
* implement digest in libdev (for trust object indexing)
* fixes in cache implementation; connect cache to 3.4 certs
* implement CERT_NewTempCertificate via crypto context
2001-11-28 16:23:51 +00:00
89d41ad9ef
changes for PSM to compile against NSS shared libraries.
...
Move SSL and S/MIME to the new common MAPFILE usage
2001-11-21 18:00:28 +00:00
3c7bfd0d6e
More PSM fixes:
...
clean up of the escape adding string code.
Code to keep cert->trust in sync with nscert->trust in various situations.
Code to allow old version of built-ins to continue to work.
Implement TrustDomain_TraverseCertificates so that PK11_ListCerts will work.
2001-11-20 18:28:49 +00:00
082ac010c2
NSS 3.4 integration changes.
...
1) 3.4 needs to bump the version numbers up by one on secmod.db from NSS 3.3
2) Need to add escapes to the configdirectory. (should add them to other parameters as well.
3) put exported files back into the correct headers.
4) Add _BEGIN/_END protos where appropriate.
2001-11-19 19:04:59 +00:00
c59d2d0669
changes to get fips working
2001-11-09 00:36:12 +00:00
daefc3b648
get signtool working
2001-11-08 21:23:35 +00:00
99acfbbff7
a plethora of changes for handling S/MIME certs
2001-11-08 20:46:11 +00:00
ecdcdae799
Fixes to make pkcs12 work correctly:
...
1) Make pkcs12 pbe function.
2) add code to allow setting and getting of the key nickname attribute.
2001-11-08 05:39:56 +00:00
e03f762c52
Land BOB_WORK_BRANCH unto the tip.
...
remove lots of depricated files.
move some files to appropriate directories (pcertdb *_rand
associated headers to soft token, for instance)
rename several stan files which had the same name as other nss files.
remove depricated functions.
2001-11-08 00:15:51 +00:00
b0a6d74f17
more trust handling stuff
2001-11-06 20:16:19 +00:00
d6045d1fd1
fix possible NULL deref
2001-10-19 20:04:58 +00:00
bb45f449ac
prepare certdb for removal of pcertdb.c; reimplement functions using Stan
2001-10-19 18:05:38 +00:00
2ce2c64fa2
fix AIX build
2001-10-18 13:58:28 +00:00
b9e27bb301
add back pointer to Stan cert from CERTCertificate
2001-10-17 14:37:10 +00:00
e141975d75
Fix compilier warnings on AIX, HP, Linux, and Solaris.
2001-09-20 21:34:42 +00:00
aa0d489657
Fix memory leak
2001-08-24 21:15:52 +00:00
4707b67043
Bugzilla bug 94685: fixed compiler warnings. The patch is from
...
timeless@mac.com .
Modified Files:
cmd/certcgi/certcgi.c cmd/pk12util/pk12util.c
lib/certdb/certdb.c
2001-08-22 22:40:42 +00:00
59865c3857
Bug 90413
2001-07-11 23:57:01 +00:00
163fb1bcdb
Fix bug 72753. Interpret the "slop time" as seconds, not microseconds.
...
Also, use type PRTime instead of int64 in relevant places.
2001-06-21 03:20:09 +00:00
d1f8485a15
Bug# 74343. Check in for relyea. r=ddrinan,r=mcgreer,sr=blizzard,a=dbaron
2001-06-20 23:14:35 +00:00
706dcde7af
Changes for NSS/JSS integration.
2001-06-12 20:57:20 +00:00
0a4af35267
Add DER version of isCA for JSS.
2001-06-06 23:40:51 +00:00
482e9d7d2c
Bugzilla bug #77199 : more PR_CALLBACK changes received from Javier
...
Pedemonte <pedemont@us.ibm.com> for OS/2.
Modified files: cert.h, certdb.h
2001-05-22 22:01:33 +00:00
relyea%netscape.com
jpierre%netscape.com
nelsonb%netscape.com
rangansen%netscape.com
ian.mcgreer%sun.com
wtc%netscape.com
ddrinan%netscape.com
nicolson%netscape.com